NAME=syft

FINGERPRINT_FILE := cache.fingerprint

# for local testing (not testing within containers) use the binny-managed version of cosign.
# this also means that the user does not need to install cosign on their system to run tests.
COSIGN_BINARY=../../.tool/cosign

IMAGE_NAME=$(NAME)-install.sh-env
UBUNTU_IMAGE=$(IMAGE_NAME):ubuntu-20.04
ALPINE_IMAGE=$(IMAGE_NAME):alpine-3.6
BUSYBOX_IMAGE=$(IMAGE_NAME):busybox-1.36

ENVS=./environments
DOCKER_RUN=docker run --rm -t -w /project/test/install -v $(shell pwd)/../../:/project
UNIT=make unit-run

# acceptance testing is running the current install.sh against the latest release. Note: this could be a problem down
# the line if there are breaking changes made that don't align with the latest release (but will be OK with the next
# release). This tests both installing with signature verification and without.
ACCEPTANCE_CMD=sh -c '../../install.sh -v -b /usr/local/bin && syft version && rm /usr/local/bin/syft && ../../install.sh -b /usr/local/bin && syft version'
# we also want to test against a previous release to ensure that install.sh defers execution to a former install.sh
PREVIOUS_RELEASE=v0.33.0
ACCEPTANCE_PREVIOUS_RELEASE_CMD=sh -c "../../install.sh -b /usr/local/bin $(PREVIOUS_RELEASE) && syft version"


define title
    @printf '\n≡≡≡[ $(1) ]≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡\n'
endef

.PHONY: test
test: unit acceptance

.PHONY: ci-test-mac
ci-test-mac: unit-run acceptance-local

# note: do not add acceptance-local to this list
.PHONY: acceptance
acceptance: acceptance-ubuntu-20.04 acceptance-alpine-3.6 acceptance-busybox-1.36

.PHONY: unit
unit: unit-ubuntu-20.04

.PHONY: unit-local
unit-local:
	$(call title,unit tests)
	@for f in $(shell ls *_test.sh); do echo "Running unit test suite '$${f}'"; bash -c "COSIGN_BINARY=$(COSIGN_BINARY) ./$${f}" || exit 1; done

.PHONY: unit-run
unit-run:
	$(call title,unit tests)
	@for f in $(shell ls *_test.sh); do echo "Running unit test suite '$${f}'"; bash $${f} || exit 1; done

.PHONY: acceptance-local
acceptance-local: acceptance-current-release-local acceptance-previous-release-local

.PHONY: acceptance-current-release-local
acceptance-current-release-local:
	$(ACCEPTANCE_CMD)

.PHONY: acceptance-previous-release-local
acceptance-previous-release-local:
	$(ACCEPTANCE_PREVIOUS_RELEASE_CMD)
	syft version | grep $(shell echo $(PREVIOUS_RELEASE)| tr -d "v")

.PHONY: save
save: ubuntu-20.04 alpine-3.6 busybox-1.36
	@mkdir cache || true
	docker image save -o cache/ubuntu-env.tar $(UBUNTU_IMAGE)
	docker image save -o cache/alpine-env.tar $(ALPINE_IMAGE)
	docker image save -o cache/busybox-env.tar $(BUSYBOX_IMAGE)

.PHONY: load
load:
	docker image load -i cache/ubuntu-env.tar
	docker image load -i cache/alpine-env.tar
	docker image load -i cache/busybox-env.tar

## UBUNTU #######################################################

.PHONY: acceptance-ubuntu-20.04
acceptance-ubuntu-20.04: ubuntu-20.04
	$(call title,ubuntu:20.04 - acceptance)
	$(DOCKER_RUN) $(UBUNTU_IMAGE) \
		$(ACCEPTANCE_CMD)

.PHONY: unit-ubuntu-20.04
unit-ubuntu-20.04: ubuntu-20.04
	$(call title,ubuntu:20.04 - unit)
	$(DOCKER_RUN) $(UBUNTU_IMAGE) \
		$(UNIT)

.PHONY: ubuntu-20.04
ubuntu-20.04:
	$(call title,ubuntu:20.04 - build environment)
	docker build -t $(UBUNTU_IMAGE) -f $(ENVS)/Dockerfile-ubuntu-20.04 .

## ALPINE #######################################################

# note: unit tests cannot be run with sh (alpine doesn't have bash by default)

.PHONY: acceptance-alpine-3.6
acceptance-alpine-3.6: alpine-3.6
	$(call title,alpine:3.6 - acceptance)
	$(DOCKER_RUN) $(ALPINE_IMAGE) \
		$(ACCEPTANCE_CMD)

.PHONY: alpine-3.6
alpine-3.6:
	$(call title,alpine:3.6 - build environment)
	docker build -t $(ALPINE_IMAGE) -f $(ENVS)/Dockerfile-alpine-3.6 .

## BUSYBOX #######################################################

# note: unit tests cannot be run with sh (busybox doesn't have bash by default)

# note: busybox by default will not have cacerts, so you will get TLS warnings (we want to test under these conditions)

.PHONY: acceptance-busybox-1.36
acceptance-busybox-1.36: busybox-1.36
	$(call title,busybox-1.36 - acceptance)
	$(DOCKER_RUN) $(BUSYBOX_IMAGE) \
		$(ACCEPTANCE_CMD)
	@echo "\n*** test note: you should see syft spit out a 'x509: certificate signed by unknown authority' error --this is expected ***"

.PHONY: busybox-1.36
busybox-1.36:
	$(call title,busybox-1.36 - build environment)
	docker build -t $(BUSYBOX_IMAGE) -f $(ENVS)/Dockerfile-busybox-1.36 .

## For CI ########################################################

# requirement 3: we always need to recalculate the fingerprint based on source regardless of any existing fingerprint
.PHONY: $(FINGERPRINT_FILE)
$(FINGERPRINT_FILE):
	@find ./environments/* -type f -exec sha256sum {} \; | sort -k2 > $(FINGERPRINT_FILE)
	@#cat $(FINGERPRINT_FILE) | sha256sum | awk '{print $$1}'
